DETAILED ACTION

This action is in response to the communication filed on 8/6/08.

All objections and rejections not set forth below have been withdrawn.

Claims 1 - 20 are pending.

Specification

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the following is required:

The specification fails to provide proper antecedent basis for the recitations of "...different, independent security services..." as found within claims 1, 6, 11, and 16. Applicant's present claims attempt to introduce a particular concept of independence respecting security services, however, it is noted that the applicant's original disclosure is silent regarding such.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention. Applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitations in the application as filed (see above objection to the specification).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Boden et al. (Boden), "System and Method for Managing Security Objects", U.S. Patent 6,330,562 in view of Shapira et al. (Shapira), "Virtual Private Network Mechanism Incorporating Security Association Processor", U.S. Patent 7,107,464.



Regarding claim 1, Boden discloses:

providing a plurality of security policies to be applied to traffic at least one of to or from a host (7:51-58), wherein each security policy includes an application instance identifier identifying a security service (15:37-38; 4:17-22; fig. 3b:36; fig. 3d:58), at least two application instance identifiers identifying different, independent security services that provide security to packets of data according to different protocols at different layers of a multi-layered protocol stack (8:29-38; 54-67 - Boden discloses a plurality of individual (i.e. independent) security services associated with key management and data management for the purpose of securing packets of data. The security services operating according to different protocols at different layers (e.g. IKE vs. ESP, AH)).

and creating a plurality of security associations in accordance with the security services identified by the application identifiers, at least two security associations being created in accordance with respective ones of the different security services (2:3-8) associated with at least one application instance identifier to thereby create a centralized key store including the plurality of security policies and security associations (figs. 3-3d; 3:23-36).

Boden discloses a security database utilized to provide security services. However, Boden does not appear to explicitly recite that at least one of the security association being created according to a key management protocol that differs from the protocols according to which the security services provide security.

Shapira also discloses a security database utilized to provide security services (Shapira, 2:47-59; 6:66-7:10). Shapira teaches the method of security associations being created according to a key management protocol that differs from the protocols according to which the security services operate (Shapira, 15:54-63, e.g. the implementation of SSL).

It would have been obvious to one of ordinary skill in the art to employ the methods of Shapira within the system of Boden. This would have been obvious because one of ordinary skill in the art would have been motivated by the advantages of a more useful system (i.e. the ability to provision more security services).

Regarding claims 6 and 11, they are essentially similar apparatus claims corresponding to the method of claim 1, and they are rejected, at least, for the same reasons as claim 1, and furthermore because the combination enables:

a processor configured for providing a plurality of security policies (fig. 1:18, 19) ... wherein the first security gateway is configured to apply the security services identified by identified application instance identifier (4:17-22) to at least one packet of data to thereby transform the at least one packet of data (fig. 3:80), wherein the first security gateway is configured for applying the security services to different packets of data based upon at least one security policy and at least one security association (fig. 1; 3:60-4:4; 6:13-31); wherein the processor is configured to relay the transformed packets of data (fig. 1:213; 3:60-4:4) to one or more security gateways, a second security gateway configured for applying the security service associated with the identified application instance identifier to the at least one transformed packet of data to thereby generate a representation of the at least one packet of data (fig. 1; 3:60-4:4; 6:13-31);

Regarding claims 2, 3, 9, 12, and 14, the combination further discloses a system comprising sending and receiving gateways. Each gateway further comprises a key management policy and a data management policy. Each of the specified policies provides for associated security services. (3:60-4:22). Each of the sending and receiving gateways receive and transmit packets which are transformed upon transmission or reception according to the identified application of security services between nodes (3:1-20; 3:60-4:16; fig. 1).

Regarding claims 4, 8, and 13, the combination further discloses:

at least one security policy further including at least one selector field having at least one selector value in a format common to a plurality of security service protocols, and wherein applying the security service comprises applying the security service further based upon the at least one security policy including the at least one selector value (11:table 1; figs. 3-3d; 13:1-50; 13:62-14:25). Boden discloses a security policy having common selector fields utilized to provide security services in accordance with the protocols defined by the policy.

Regarding claim 7, it is rejected, at least, for the same reasons as claims 1 and 6.

Regarding claims 5, 10, and 15, the combination further discloses creating at least one security association according to an Internet Key Exchange (IKE) technique (3:60-4:16).

Regarding claims 16 - 20, they are the features and limitations of the above rejected claims embodied as computer instructions upon a medium. Thus, they are rejected, at least, for the same reasons as the above rejected claims, and further because the combination discloses a computer program product for creating and maintaining a centralized key store (15:62-16:6).

Response to Arguments

Applicant's arguments filed 8/6/08 have been fully considered but they are not persuasive.

Applicant argues or asserts essentially that:

(i) To the contrary, however, Applicant notes that IKE is not a security service as is IPSec. That is, IKE is not a security service that provides security to packets of data as do the different security services of amended independent Claim 1, but is instead a key management protocol for creating security associations for use in implementing IPSec. Moreover, IKE and IPSec are not independent security services as are the different security services of amended independent Claim 1, but instead operate in concert with one another to implement the IPSec security service. (Remarks, pg. 9, par. 1)

In response, the examiner respectfully points out that the applicant's arguments appear unsubstantiated and mistaken.

First, it is noted that IKE is a management protocol that serves to provide keys for encrypting packets. Therefore, IKE is a service used to provide security to packets.

Second, as was noted within the official actions (e.g. Final Rejection, 9/26/07 - pg. 3:2,3; pg. 6:14-18; Non-Final Rejection, pg. 3:13,14), the examiner points out that IKE, ESP, and AH are all individual, different, security protocols, operating at different layers, serving to provide security to data packets. While the applicant appears to object to the fact that these independent services may operate in concert, the examiner points out that it is a well known fact that independent elements often operate in concert (e.g. independent people, families, states, nations, etc).

(ii) Also in contrast to amended independent Claim 1, neither Boden nor Shapira, taken individually or in any proper combination, teaches or suggests creating security associations at least two of which are created in accordance with respective ones of different security services. (Remarks, pg. 9, par. 2)

In response, the examiner respectfully notes that the prior art discloses, as the applicant appears to admit, that the prior art clearly discloses the creation of a plurality of security associations. Furthermore, the prior art shows that each of these security associations may be created in accordance with respective ones of different security services (e.g. IKE, ESP, AH - see also Boden, 2:7,8; 8:29-38, 54-67).

(iii) Contrary to the assertions of the Official Action, Boden does in fact disclose a key management protocol (i.e., IKE) for creating security associations in accordance with a security service (i.e., IPSec), and that differs from protocols according to which security services (e.g., IPSec) provide security. Again, however, Boden does not teach or suggest a plurality of policies including application instance identifiers at least two of which identify different, independent security services, as recited by amended independent Claim 1. And for at least the reason that the recited key management protocol differs from the protocols according to which the security services provide security, IKE cannot be considered a security service, as alleged in the Official Action. (Remarks, pg. 10, par. 2)

It is respectfully noted that the applicant now argues, "Contrary to the assertions of the Official Action, Boden does in fact disclose a key management protocol (i.e., IKE) for creating security associations in accordance with a security service (i.e., IPSec), and that differs from protocols according to which security services (e.g., IPSec) provide security." However, this present argument directly contradicts the applicant's previous assertion: "... IKE is a key management protocol for creating security associations; and as such, Boden does not teach or suggest creating any security association according to a key management protocol (e.g., IKE) that differs from the protocols (allegedly IPSec and IKE) according to which the security services operate" (Remarks, 10/31/07, pg. 10, lines 1-5).

In response, the examiner respectfully notes that the applicant fails to make a clear and consistent argument. Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.

(iv) As clearly explained by the Supreme Court in KSR Int'l Co., then, any finding of obviousness should be based on an apparent reason to combine the prior art, and must be supported by more than mere conclusory statements. In the instant case, the Official Action attempts to support the alleged combination of Andric and Kredo by merely asserting that one skilled in the art would have been "motivated by the advantages of a more useful system (i.e. the ability to provision more security services) to modify Boden to include the feature of Shapira. Official Action of Feb. 6, 2008, page 4. However, the Examiner fails to cite any evidence to support this assertion.

In response, the examiner respectfully notes that the applicant's argument appears to be based upon a misapplication of case law. Specifically, it is noted that there is no requirement for the citation of evidence. Furthermore, the examiner's statements are more than "mere conclusory statements". The examiner has articulated a reason, well founded in logic, for why one of ordinary skill in the art would have been motivated to apply the teachings of Shapira with Boden. The applicant, however, fails to provide any rationale as to why this ability of being able to provision more security services would not be considered an advantage or why such an advantage would not have motivated one of ordinary skill in the art. The examiner finds the applicant's argument unpersuasive.



Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

See Notice of References Cited

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY WILLIAMS whose telephone number is (571) 272-7965. The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is (703) 872-9306.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

J.Williams
AU 2437

/Emmanuel L. Moise/
Supervisory Patent Examiner, Art Unit 2437



Application/Control Number: 10/608,690 Page 13 

Art Unit: 2437 



